Category: IT|Sep 7, 2024 | Author: Admin

SonicWall SSLVPN access control flaw is now exploited in attacks

Share on

SonicWall is warning that a recently fixed access control flaw tracked as CVE-2024-40766 in SonicOS is now "potentially" exploited in attacks, urging admins to apply patches as soon as possible.

"This vulnerability is potentially being exploited in the wild. Please apply the patch as soon as possible for affected products. The latest patch builds are available for download on mysonicwall.com," warns the updated SonicWall advisory.

 

CVE-2024-40766 is a critical (CVSS v3 score: 9.3) access control flaw impacting SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices.

 

The software vendor did not disclose much information about the flaw other than its potential for unauthorized resource access and ability to crash the firewall, thus eliminating network protections.

 

When SonicWall first disclosed the flaw on August 22, 2024, the flaw was only believed to be in the SonicWall SonicOS management access. With today's update, the company is warning that CVE-2024-40766 also impacts the firewall's SSLVPN feature.

 

Apply patches as soon as possible

 

The list of impacted products and versions, as well as the releases that address CVE-2024-40766, are summarized as follows:

 

SonicWall Gen 5 running SonicOS version 5.9.2.14-12o and older – fixed in SonicOS version 5.9.2.14-13o

 

SonicWall Gen 6 running SonicOS version 6.5.4.14-109n and older – fixed in 6.5.2.8-2n (for SM9800, NSsp 12400, NSsp 12800) and version 6.5.4.15-116n (for other Gen 6 Firewalls)

 

SonicWall Gen 7 running SonicOS version 7.0.1-5035 and older – not reproducible in 7.0.1-5035 and later.

 

Limit firewall management to trusted sources and disable internet access to the WAN management portal if possible.

 

Restrict SSLVPN access to trusted sources only and disable it entirely if not needed.

 

For Gen 5 and Gen 6 devices, SSLVPN users with local accounts should update their passwords immediately and administrators should enable the "User must change password" option for local users.

 

Enable multi-factor authentication (MFA) for all SSLVPN users using TOTP or email-based one-time passwords (OTPs). More information on how to configure this measure is available here.

 

While SonicWall has not shared how the flaw is being actively exploited, similar flaws have been used in the past to gain initial access to corporate networks.

 

Threat actors commonly target SonicWall as they are exposed to the internet to provide remote VPN access.

 

In March 2023, suspected Chinese hackers (UNC4540) targeted unpatched SonicWall Secure Mobile Access (SMA) devices to install custom malware that persisted through firmware upgrades.

 

BleepingComputer contacted SonicWall to learn more about how the flaw is being actively exploited in attacks, but a response was not immediately available.

Sponsored Ads:

Comments:


Over 200 malicious apps on Google Play downloaded millions of times

Category: Google|Oct 15, 2024 | Author: Admin

Google warns uBlock Origin and other extensions may be disabled soon

Category: IT|Oct 14, 2024 | Author: Admin

Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server

Category: Microsoft|Oct 13, 2024 | Author: Admin

Microsoft fixes Word bug that deleted documents when saving

Category: Microsoft|Oct 12, 2024 | Author: Admin

Microsoft Outlook bug blocks email logins, causes app crashes

Category: IT|Oct 11, 2024 | Author: Admin

The Internet archive is down - and your user information may have been stolen

Category: IT|Oct 10, 2024 | Author: Admin

Discord blocked in Russia and Turkey for spreading illegal content

Category: IT|Oct 9, 2024 | Author: Admin

Google ordered to open up the Play Store in Epic Games antitrust ruling

Category: Google|Oct 8, 2024 | Author: Admin

Recently patched CUPS flaw can be used to amplify DDoS attacks

Category: IT|Oct 7, 2024 | Author: Admin

Google removes Kaspersky's antivirus software from Play Store

Category: Google|Oct 6, 2024 | Author: Admin

UK nuclear site Sellafield fined $440,000 for cybersecurity shortfalls

Category: IT|Oct 5, 2024 | Author: Admin

Cloudflare blocks largest recorded DDoS attack peaking at 3.8Tbps

Category: IT|Oct 4, 2024 | Author: Admin

Microsoft blocks Windows 11 24H2 on some Intel PCs over BSOD issues

Category: Microsoft|Oct 3, 2024 | Author: Admin

Microsoft Office 2024 now available for Windows and macOS users

Category: Microsoft|Oct 2, 2024 | Author: Admin

HPE Aruba Networking fixes critical flaws impacting Access Points

Category: IT|Oct 1, 2024 | Author: Admin
more